Great question. We have a variety of ways to implement permissioning. You can get pretty granular with how you wish to implement your rules whether they be role-based or relational. Feel free to poke around our docs here to learn more about the use cases for each with examples: https://scaphold.io/docs/#permissions-authorization